Cybersecurity firm SentinelLabs has raised an alert over a significant threat targeting crypto community members using macOS. According to their findings, the North Korean group BlueNoroff is distributing fake crypto news to entice users into downloading a multi-storage malware infection onto their MacBook. Dubbed the “Hidden Risk” campaign, this attack has been circulating since early 2024. Once activated, the malware can phish victims, leading to potential financial losses.
The malware is triggered via suspicious mails, SentinelLabs said in its report. These emails feature fake crypto news that appears to have been sent from the identity of a legitimate influencer.
“The emails hijack the name of a real person in an unrelated industry as a sender and purport to be forwarding a message from a well-known crypto social media influencer,” the report said.
If the target macOS user opens the malicious URL attached to the email it redirects users to a PDF with the ‘delphidigital[.]org’ domain, which is reportedly controlled by the BlueNoroff groups.
“The full URL currently serves a benign form of the Bitcoin ETF document with titles that differ over time. However, at some point, this URL has or does switch to serving the first stage of a malicious application bundle entitled ‘Hidden Risk Behind New Surge of Bitcoin Price.app’,” the report noted.
According to SentinelLabs, BlueNoroff has established a network of infrastructure focused on cryptocurrency interests, mimicking legitimate Web3 solutions. This enables the group to target individuals engaged in crypto, extracting their information for phishing attacks.
So far, Apple has not responded to the findings published by the cybersecurity firm.
In September, the FBI reported that crypto consumers lost over $5.6 billion (roughly Rs. 47,029 crore) to cryptocurrency-related fraud in 2023, marking a 45 percent increase from 2022. The agency also noted a rise in crypto-focused hacks attributed to North Korea.
In October, crypto tracking firm Arkham Intelligence revealed that an unknown hacker had compromised a US government crypto wallet containing assets seized from the 2016 Bitfinex hack. Arkham reported that around $20 million (roughly Rs. 168 crore) had been stolen from the wallet.
Crypto community insiders have repeatedly warned individuals to avoid engaging with crypto-related content from unfamiliar or unverified sources.
